Skip to content
Follow
Ubuntu Linux

Install ModSecurity on Apache for Ubuntu: A Comprehensive Guide

Richard
Written by
Richard
Nov 2, 2022 Updated Jul 14, 2026 5 min read
Enable Automatic Suspension in Ubuntu Linux Easily
Enable Automatic Suspension in Ubuntu Linux Easily

ModSecurity on Apache for Ubuntu acts as a web application firewall (WAF) to make your server more secure.

This security tool checks the web traffic coming to your server. It stops bad requests, such as SQL injection or cross-site scripting, before they can damage your web applications.

This guide shows you how to set up ModSecurity version 3.0.10 with Apache 2.4 on Ubuntu 22.04 LTS.

You will learn how to set up ModSecurity so it can guard your Apache web applications against common online attacks.

⚡ Quick Answer

Install ModSecurity and the Apache module using `sudo apt update` and `sudo apt install apache2 libapache2-mod-security2`. Enable the module with `sudo a2enmod security2` and reload Apache.

How to install ModSec with Apache on Ubuntu Linux

ModSecurity (ModSec) is an open-source web application firewall (WAF). Apache was its initial development platform, and ModSec now fully supports Nginx and IIS as a web application security (WAS) tool.

Here’s how to install it with the Apache HTTP server.

Install ModSecurity and Apache

To install ModSecurity and Apache on Ubuntu, you will use a couple of commands in your terminal. This process adds an important security layer to your web server, helping to protect it from common online threats and attacks.

🐧Bash / Shell
sudo apt update
sudo apt install apache2 libapache2-mod-security2

To check that ModSec is installed, run the commands below.

💻Code
apachectl -M | grep security

The command above should produce an output similar to this:

ModSecurity’s Apache module is disabled by default. You can turn the ModSecurity module on by running the commands presented below. Enabling this module is crucial for activating ModSecurity’s web application firewall features, which protect your website.

ModSecurity configuration on your Apache server in Ubuntu actively blocks threats by adjusting its main settings. Begin by copying the recommended configuration file, modsecurity.conf-recommended, and then edit this file to best protect your server.

You’ll find the default configuration file at /etc/modsecurity/modsecurity.conf-recommended. To start customizing, copy this file and rename it modsecurity.conf.

🐧Bash / Shell
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Next, run the commands below to open the newly created config file.

🐧Bash / Shell
sudo nano /etc/modsecurity/modsecurity.conf
⚠️Warning
Change the highlighted lines in the file from DetectionOnly to On.
💻Code
# -- Rule engine initialization ----------------------------------------------
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine On

# -- Request body handling ---------------------------------------------------
# Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit.

SecRequestBodyAccess On

# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type

Save and exit, then restart Apache.

🐧Bash / Shell
sudo systemctl restart apache2

Add OWASP ModSecurity rules

Adding the OWASP Core Rule Set (CRS) to ModSecurity in Ubuntu gives your web apps strong, recommended security rules to defend against attacks. You do this by cloning the latest rules from GitHub to your server.

Clone the latest OWASP CRS from GitHub to the /usr/share/ directory by running the commands below.

🐧Bash / Shell
sudo rm -rf /usr/share/modsecurity-crs
sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
⚠️Warning
Next, rename the example file to crs-setup.conf.
🐧Bash / Shell
sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Next, run the commands below to open the ModSec security configuration file.

🐧Bash / Shell
sudo nano /etc/apache2/mods-enabled/security2.conf

Then, edit the highlighted lines to enable the OWASP rules we downloaded above.

💻Code
<IfModule security2_module>
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity
		
        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/*.conf
		
        # Include OWASP ModSecurity CRS rules if installed

        IncludeOptional /usr/share/modsecurity-crs/*.conf
        IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
</IfModule>

Save and exit.

Restart Apache and you’re good to go.

🐧Bash / Shell
sudo systemctl restart apache2

To test that ModSec is running, run the commands below.

💻Code
curl 'http://127.0.0.1/test.html?a=<script>alert(1);</script>'

You should get an output message similar to the one below:

💻Code
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at 127.0.0.1 Port 80</address>
</body></html>

That should do it!

Conclusion:

  • ModSecurity is a powerful open-source web application firewall (WAF) that offers an extra layer of security to detect and prevent attacks before they reach the web application.
  • Following the installation steps outlined above, you can successfully set up ModSecurity with Apache on Ubuntu Linux.
  • OWASP ModSecurity rules, when applied, provide recommended security settings to protect your applications further.
  • After completing the installation and configuration, you can verify the functionality of ModSecurity by testing it with a sample HTTP request.
  • Your feedback is welcomed, and please feel free to use the comment form below to report any errors or add additional insights.

What is mod_security in Apache?

ModSecurity is the standard open-source web application firewall (WAF) engine. Originally designed as a module for the Apache HTTP Server, it has evolved to provide HTTP request and response filtering capabilities across a number of different platforms including Apache HTTP Server, Microsoft IIS and Nginx.

Is ModSecurity a good WAF?

Why use ModSecurity? Web Application Firewalls are often the first line of defense against HTTP attacks on web applications and servers. The ModSecurity WAF is widely used for this purpose along with the Coraza WAF, also provided by OWASP.

Was this guide helpful?

Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

📚 Related Tutorials

How to Install Windows Subsystem for Linux (WSL) on Windows 11
Ubuntu Linux How to Install Windows Subsystem for Linux (WSL) on Windows 11
How to Allow Remote Connections to MySQL Database Server
Ubuntu Linux How to Allow Remote Connections to MySQL Database Server
How to Add a User to Sudoers in Ubuntu
Ubuntu Linux How to Add a User to Sudoers in Ubuntu
How to Install KDE Desktop on Ubuntu 24.04
Ubuntu Linux How to Install KDE Desktop on Ubuntu 24.04

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *